On Thu, September 29, 2005 13:17, Bruce Smith wrote:
> I just compiled a new server release yesterday. Why did the size of the
> new dist file get significantly smaller than my compile 5 weeks ago? Both
> are using the standard "server" configuration. Yesterday's should be
> larger because it has the newly added DansGuardian.
>
> -rw-r--r-- 1 root root 188333438 2005-08-15 02:14
> devil-linux-1.2.7-2005-08-15-i686-SMP-bs.tar.bz2 -rw-r--r-- 1 root root
> 155122379 2005-09-28 21:54
> devil-linux-1.2.7-2005-09-29-i686-SMP-bs.tar.bz2
>
> Is this because of removing the debug symbols?
Correct.
We're now removing debug symbols from all files, before we only did a few
directories.
--
Regards
Heiko Zuerker
http://www.devil-linux.org

I just compiled a new server release yesterday. Why did the size of the
new dist file get significantly smaller than my compile 5 weeks ago?
Both are using the standard "server" configuration. Yesterday's should
be larger because it has the newly added DansGuardian.
-rw-r--r-- 1 root root 188333438 2005-08-15 02:14 devil-linux-1.2.7-2005-08-15-i686-SMP-bs.tar.bz2
-rw-r--r-- 1 root root 155122379 2005-09-28 21:54 devil-linux-1.2.7-2005-09-29-i686-SMP-bs.tar.bz2
Is this because of removing the debug symbols?
- BS

On Sun, September 25, 2005 06:23, Serge Leschinsky wrote:
> Dear Heiko
>
>
> Friday, September 23, 2005, 4:39:53 PM, you wrote:
>
>
> There are patches in the attachment.
>
>
>>> 2.
>>>
>>>> A Stackable Unification File System
>>>>
>> Send it in.
>>
> Use it carefully, please. This code sometimes crashes the kernel. On the
> other hand, Klaus Knopper uses it! And I too :-), but don't use it in
> vitally important hosts, of course. I read unionfs mail list and the core
> developers discussed that the last snapshots had become quite stable, more
> stable as 1.0.14 release.
Hmmmm....
It may be an idea to add it, but disable it in the default config.
We can't introduce anything into the standard DL, which could crash the
system.
>>> 3. Full-featured but tine replacement for LMsensors (without any
>>> kernel modules)
> tine == tiny. Sorry.
>> It says X, but I guess there's also a console version?
>> Send it in.
>>
> Of course! And rrdtools knows about mbmon and can use it.
> But I repacked package before using with new name "xmbmon-205.tar.bz2" -
> in this case getting of the package name is more simpler.
We try and avoid repackaging sources, because you have to do it every time
you update the software.
--
Regards
Heiko Zuerker
http://www.devil-linux.org

Dear Heiko
Friday, September 23, 2005, 4:39:53 PM, you wrote:
There are patches in the attachment.
>> 2.
>>> A Stackable Unification File System
> Send it in.
Use it carefully, please. This code sometimes crashes the kernel. On the other
hand, Klaus Knopper uses it! And I too :-), but don't use it in vitally
important hosts, of course.
I read unionfs mail list and the core developers discussed that the last
snapshots had become quite stable, more stable as 1.0.14 release.
>> 3. Full-featured but tine replacement for LMsensors (without any kernel
>> modules)
tine == tiny. Sorry.
> It says X, but I guess there's also a console version?
> Send it in.
Of course! And rrdtools knows about mbmon and can use it.
But I repacked package before using with new name "xmbmon-205.tar.bz2" - in this case
getting of the package name is more simpler.
--
Best regards,
Serge mailto:fish@...

On Fri, September 23, 2005 05:50, Serge Leschinsky wrote:
> Dear Sirs,
>
>
> There are some script in the my 'scripts' folder for easing my own
> life when I do custom build. I'm not sure of code cleanness but "it works
> for me" (c). And probably these applications are necessary for me only.
>
> So, I post only descriptions and if anybody wants I'll send
> scripts too.
>
> 1.
>
>> UCARP allows a couple of hosts to share common virtual IP addresses
>> in order to provide automatic failover. It is a portable userland
>> implementation of the secure and patent-free Common Address Redundancy
>> Protocol (CARP, OpenBSD's alternative to the VRRP).
>>
>>
>> Strong points of the CARP protocol are : very low overhead,
>> cryptographically signed messages, interoperability between different
>> operating systems and no need for any dedicated extra network link
>> between redundant hosts.
>>
>> Home page is http://www.ucarp.org/
Send it in.
> 2.
>
>> A Stackable Unification File System
>> This project builds a stackable unification file system, which can
>> appear to merge the contents of several directories (branches), while
>> keeping their physical content separate. Unionfs is useful for unified
>> source tree management, merged contents of split CD-ROM, merged separate
>> software package directories, data grids, and more. Unionfs allows any
>> mix of read-only and read-write branches, as well as insertion and
>> deletion of branches anywhere in the fan-out. To maintain unix
>> semantics, Unionfs handles elimination of duplicates, partial-error
>> conditions, and more. Unionfs is part of the larger FiST project.
>> http://www.filesystems.org/project-unionfs.html
Send it in.
> 3. Full-featured but tine replacement for LMsensors (without any kernel
> modules)
>> Mother Board Monitor Program for X Window System
>> [only on x86 platforms!]
>> XMBmon ver.2.05
>> Recent motherboards have functionalities to monitor the CPU
>> temperatures and the frequency of CPU cooling fans etc. Although some
>> programs utilizing these hardware monitoring facilities have been
>> developed for the Microsoft Windows platforms, no programs seem to exist
>> for PC-UNIX and the X Windows System platforms. Thus, I have tried to
>> make small programs. They have only least functionalities, the one
>> "mbmon" used at the command line reports the temperatures,
>> voltages and rpm (rounds per minute) of cooling fans, and the other
>> "xmbmon" displays the three temperatures and a core voltage
>> as simple curves.
>> http://www.nt.phys.kyushu-u.ac.jp/shimizu/download/download.html
It says X, but I guess there's also a console version?
Send it in.
> 4.
>
>> Dante - a socks client and server implementation for UNIX.
>> Dante is a circuit-level firewall/proxy that can be used to provide
>> convenient and secure network connectivity to a wide range of hosts while
>> requiring only the server Dante runs on to have external network
>> connectivity. http://www.inet.no/dante/
A couple people asked before for a socks server...
Send it in.
--
Regards
Heiko Zuerker
http://www.devil-linux.org

Dear Sirs,
There are some script in the my 'scripts' folder for easing my own
life when I do custom build. I'm not sure of code cleanness but "it
works for me" (c). And probably these applications are necessary for
me only.
So, I post only descriptions and if anybody wants I'll send
scripts too.
1.
> UCARP allows a couple of hosts to share common virtual IP addresses
> in order to provide automatic failover. It is a portable userland
> implementation of the secure and patent-free Common Address
> Redundancy Protocol (CARP, OpenBSD's alternative to the VRRP).
>
> Strong points of the CARP protocol are : very low overhead,
> cryptographically signed messages, interoperability between
> different operating systems and no need for any dedicated extra
> network link between redundant hosts.
>
> Home page is http://www.ucarp.org/
2.
> A Stackable Unification File System
> This project builds a stackable unification file system, which can
> appear to merge the contents of several directories (branches),
> while keeping their physical content separate. Unionfs is useful for
> unified source tree management, merged contents of split CD-ROM,
> merged separate software package directories, data grids, and more.
> Unionfs allows any mix of read-only and read-write branches, as well
> as insertion and deletion of branches anywhere in the fan-out. To
> maintain unix semantics, Unionfs handles elimination of duplicates,
> partial-error conditions, and more. Unionfs is part of the larger
> FiST project.
> http://www.filesystems.org/project-unionfs.html
3. Full-featured but tine replacement for LMsensors (without any kernel modules)
> Mother Board Monitor Program for X Window System
> [only on x86 platforms!]
> XMBmon ver.2.05
> Recent motherboards have functionalities to monitor the CPU
> temperatures and the frequency of CPU cooling fans etc. Although
> some programs utilizing these hardware monitoring facilities have been
> developed for the Microsoft Windows platforms, no programs seem to
> exist for PC-UNIX and the X Windows System platforms. Thus, I have
> tried to make small programs. They have only least functionalities,
> the one "mbmon" used at the command line reports the temperatures,
> voltages and rpm (rounds per minute) of cooling fans, and the
> other "xmbmon" displays the three temperatures and a core voltage
> as simple curves.
> http://www.nt.phys.kyushu-u.ac.jp/shimizu/download/download.html
4.
> Dante - a socks client and server implementation for UNIX.
> Dante is a circuit-level firewall/proxy that can be used to provide
> convenient and secure network connectivity to a wide range of hosts
> while requiring only the server Dante runs on to have external
> network connectivity.
> http://www.inet.no/dante/
--
Best regards,
Serge mailto:fish@...

Indeed. Heimdal is disabled. When I enable it and build the system
again, with freeradius already built, heimdal builds just fine. Later
I forced a rebuild of freeradius and it fails. Is heimdal overwriting
some libraries? Would it help by changing the build order so
freeradius builds first and heimdal afterwards?
Marcel
On 9/14/05, Heiko Zuerker <heiko@...> wrote:
>=20
> On Mon, August 29, 2005 02:03, Marcel Wiget wrote:
> > Hi,
> >
> >
> > I was in need of freeradius in devl-linux 1.2.x, so I created the
> > required files and attached the patches to this email. The freeradius
> > source file I used and placed into build/src is:
> >
> > ftp://ftp.freeradius.org/pub/radius/freeradius-1.0.4.tar.gz
> >
> >
> > Maybe this is as useful for others as it is to my project with devil-
> > linux (wireless 802.1x authentication server).
>=20
> I can't get freeradius compiled, it has issues with krb5.
> Did you have Heimdal disabled by any chance, when you tested it?
>=20
> --
>=20
> Regards
> Heiko Zuerker
> http://www.devil-linux.org
>=20
>=20
>=20
>=20
> -------------------------------------------------------
> SF.Net email is sponsored by:
> Tame your development challenges with Apache's Geronimo App Server. Downl=
oad
> it for free - -and be entered to win a 42" plasma tv or your very own
> Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
> _______________________________________________
> Devil-linux-develop mailing list
> Devil-linux-develop@...
> https://lists.sourceforge.net/lists/listinfo/devil-linux-develop
>

Indeed. Heimdal is disabled. When I enable it and build the system again,
with freeradius already built, heimdal builds just fine. Later I forced a
rebuild of freeradius and it fails. Is heimdal overwriting some libraries?
Would it help by changing the build order so freeradius builds first and
heimdal afterwards?
Marcel
On 9/14/05 9:31 PM, "Heiko Zuerker" <heiko@...> wrote:
>
>
> On Mon, August 29, 2005 02:03, Marcel Wiget wrote:
>> > Hi,
>> >
>> >
>> > I was in need of freeradius in devl-linux 1.2.x, so I created the
>> > required files and attached the patches to this email. The freeradius
>> > source file I used and placed into build/src is:
>> >
>> > ftp://ftp.freeradius.org/pub/radius/freeradius-1.0.4.tar.gz
>> >
>> >
>> > Maybe this is as useful for others as it is to my project with devil-
>> > linux (wireless 802.1x authentication server).
>
> I can't get freeradius compiled, it has issues with krb5.
> Did you have Heimdal disabled by any chance, when you tested it?
>
> --
>
> Regards
> Heiko Zuerker
> http://www.devil-linux.org
>
>
>
>
> -------------------------------------------------------
> SF.Net email is sponsored by:
> Tame your development challenges with Apache's Geronimo App Server. Download
> it for free - -and be entered to win a 42" plasma tv or your very own
> Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
> _______________________________________________
> Devil-linux-develop mailing list
> Devil-linux-develop@...
> https://lists.sourceforge.net/lists/listinfo/devil-linux-develop
>

On September 12, 2005 09:56, Heiko Zuerker wrote:
> On Mon, September 12, 2005 10:40, Martin Glazer wrote:
> >> On Sun, September 11, 2005 22:55, Martin Glazer wrote:
> >>> On September 11, 2005 19:38, Heiko Zuerker wrote:
> >>>> On Fri, September 9, 2005 18:29, Martin Glazer wrote:
> >>>>> Hi,
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> There is still an issue with postfix using saslauthd in the
> >>>>> latest devil-linx - the problem is that cyrus-sasl puts its
> >>>>> configuration file smtpd.conf in /usr/lib/sasl2/ which of course
> >>>>> is non writable on the CD.
> >>>>>
> >>>>> There are a number of possible solutions to this:
> >>>>> 1) Friedrich's solution of exporting the SASL_PATH in postfix
> >>>>> (see:
> >>>>> http://sourceforge.net/mailarchive/message.php?msg_id=11144397)
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> 2) cyrus-sasl-configdir patch
> >>>>> - found a gentoo patch here
> >>>>> http://prometheus.cs.wmich.edu/gentoo/rsync/dev-libs/cyrus-sasl/fi
> >>>>> les/ cyr u s-sasl-2.1.20-configdir.patch which appears to apply
> >>>>> cleanly
> >>>>>
> >>>>> 3) Create a symlink from /usr/lib/sasl2 to somewhere writeable
> >>>>> (in
> >>>>> /etc)
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> Anybody have a preferred method of resolving this?
> >>>>
> >>>> We probably should think about using the patch, because the symlink
> >>>> would require us to move the libraries too.
> >>>
> >>> Sorry, I wasn't clear - all that needs to be symlinked is the config
> >>> file smtpd.conf, no libraries.
> >>>
> >>> ln -sf /usr/lib/sasl2/smtpd.conf /etc/sasl/smtpd.conf
> >>
> >> I'm lagging the knowledge about sasl, but wouldn't there be other
> >> instances, where somebody would have more then this one config file?
> >
> > I've been trying to look further into the documentation and it does
> > appear that there may be times when there is more than 1 config file -
> > this depends on what application is actually going to be using sasl.
> >
> > In our case, as far as I'm aware, postfix is the only application that
> > may use sasl, hence the smtpd.conf file and only the need for us to
> > "move" this one file.
> >
> > Are there any other application on DL that use sasl?
>
> That's a definite maybe. ;-)
>
> I'm almost certain that quite a few more apps are configured to use SASL.
> Because of this, I would favor the patch.
OK, attached is the patch for the build/scripts/cyrus-sasl script as well as a
sample smtpd.conf file (to be placed in build/scripts/scripts).
Also, the actual cyrus-sasl configdir patch is attached. This should be placed
in the src directory. I obtained this from one of the Gentoo mirrors for
cyrus-sasl-2.1.20
http://prometheus.cs.wmich.edu/gentoo/rsync/dev-libs/cyrus-sasl/files/
Thanks
Martin

On Mon, August 29, 2005 02:03, Marcel Wiget wrote:
> Hi,
>
>
> I was in need of freeradius in devl-linux 1.2.x, so I created the
> required files and attached the patches to this email. The freeradius
> source file I used and placed into build/src is:
>
> ftp://ftp.freeradius.org/pub/radius/freeradius-1.0.4.tar.gz
>
>
> Maybe this is as useful for others as it is to my project with devil-
> linux (wireless 802.1x authentication server).
I can't get freeradius compiled, it has issues with krb5.
Did you have Heimdal disabled by any chance, when you tested it?
--
Regards
Heiko Zuerker
http://www.devil-linux.org

On Mon, September 12, 2005 10:40, Martin Glazer wrote:
>>
>> On Sun, September 11, 2005 22:55, Martin Glazer wrote:
>>
>>> On September 11, 2005 19:38, Heiko Zuerker wrote:
>>>
>>>
>>>> On Fri, September 9, 2005 18:29, Martin Glazer wrote:
>>>>
>>>>
>>>>> Hi,
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> There is still an issue with postfix using saslauthd in the
>>>>> latest devil-linx - the problem is that cyrus-sasl puts its
>>>>> configuration file smtpd.conf in /usr/lib/sasl2/ which of course
>>>>> is non writable on the CD.
>>>>>
>>>>> There are a number of possible solutions to this:
>>>>> 1) Friedrich's solution of exporting the SASL_PATH in postfix
>>>>> (see:
>>>>> http://sourceforge.net/mailarchive/message.php?msg_id=11144397)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> 2) cyrus-sasl-configdir patch
>>>>> - found a gentoo patch here
>>>>> http://prometheus.cs.wmich.edu/gentoo/rsync/dev-libs/cyrus-sasl/fi
>>>>> les/ cyr u s-sasl-2.1.20-configdir.patch which appears to apply
>>>>> cleanly
>>>>>
>>>>> 3) Create a symlink from /usr/lib/sasl2 to somewhere writeable
>>>>> (in
>>>>> /etc)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Anybody have a preferred method of resolving this?
>>>>>
>>>>>
>>>>
>>>> We probably should think about using the patch, because the symlink
>>>> would require us to move the libraries too.
>>>
>>> Sorry, I wasn't clear - all that needs to be symlinked is the config
>>> file smtpd.conf, no libraries.
>>>
>>> ln -sf /usr/lib/sasl2/smtpd.conf /etc/sasl/smtpd.conf
>>
>> I'm lagging the knowledge about sasl, but wouldn't there be other
>> instances, where somebody would have more then this one config file?
>>
>
> I've been trying to look further into the documentation and it does
> appear that there may be times when there is more than 1 config file -
> this depends on what application is actually going to be using sasl.
>
> In our case, as far as I'm aware, postfix is the only application that
> may use sasl, hence the smtpd.conf file and only the need for us to "move"
> this one file.
>
> Are there any other application on DL that use sasl?
That's a definite maybe. ;-)
I'm almost certain that quite a few more apps are configured to use SASL.
Because of this, I would favor the patch.
--
Regards
Heiko Zuerker
http://www.devil-linux.org

>
> On Sun, September 11, 2005 22:55, Martin Glazer wrote:
>> On September 11, 2005 19:38, Heiko Zuerker wrote:
>>
>>> On Fri, September 9, 2005 18:29, Martin Glazer wrote:
>>>
>>>> Hi,
>>>>
>>>>
>>>>
>>>> There is still an issue with postfix using saslauthd in the latest
>>>> devil-linx - the problem is that cyrus-sasl puts its configuration
>>>> file smtpd.conf in /usr/lib/sasl2/ which of course is non writable on
>>>> the CD.
>>>>
>>>> There are a number of possible solutions to this:
>>>> 1) Friedrich's solution of exporting the SASL_PATH in postfix
>>>> (see: http://sourceforge.net/mailarchive/message.php?msg_id=11144397)
>>>>
>>>>
>>>>
>>>> 2) cyrus-sasl-configdir patch
>>>> - found a gentoo patch here
>>>> http://prometheus.cs.wmich.edu/gentoo/rsync/dev-libs/cyrus-sasl/files/
>>>> cyr u s-sasl-2.1.20-configdir.patch which appears to apply cleanly
>>>>
>>>> 3) Create a symlink from /usr/lib/sasl2 to somewhere writeable (in
>>>> /etc)
>>>>
>>>>
>>>>
>>>> Anybody have a preferred method of resolving this?
>>>>
>>>
>>> We probably should think about using the patch, because the symlink
>>> would require us to move the libraries too.
>>
>> Sorry, I wasn't clear - all that needs to be symlinked is the config
>> file smtpd.conf, no libraries.
>>
>> ln -sf /usr/lib/sasl2/smtpd.conf /etc/sasl/smtpd.conf
>
> I'm lagging the knowledge about sasl, but wouldn't there be other
> instances, where somebody would have more then this one config file?
>
I've been trying to look further into the documentation and it does appear
that there may be times when there is more than 1 config file - this
depends on what application is actually going to be using sasl.
In our case, as far as I'm aware, postfix is the only application that may
use sasl, hence the smtpd.conf file and only the need for us to "move"
this one file.
Are there any other application on DL that use sasl?
Martin

On Sun, September 11, 2005 22:55, Martin Glazer wrote:
> On September 11, 2005 19:38, Heiko Zuerker wrote:
>
>> On Fri, September 9, 2005 18:29, Martin Glazer wrote:
>>
>>> Hi,
>>>
>>>
>>>
>>> There is still an issue with postfix using saslauthd in the latest
>>> devil-linx - the problem is that cyrus-sasl puts its configuration
>>> file smtpd.conf in /usr/lib/sasl2/ which of course is non writable on
>>> the CD.
>>>
>>> There are a number of possible solutions to this:
>>> 1) Friedrich's solution of exporting the SASL_PATH in postfix
>>> (see: http://sourceforge.net/mailarchive/message.php?msg_id=11144397)
>>>
>>>
>>>
>>> 2) cyrus-sasl-configdir patch
>>> - found a gentoo patch here
>>> http://prometheus.cs.wmich.edu/gentoo/rsync/dev-libs/cyrus-sasl/files/
>>> cyr u s-sasl-2.1.20-configdir.patch which appears to apply cleanly
>>>
>>> 3) Create a symlink from /usr/lib/sasl2 to somewhere writeable (in
>>> /etc)
>>>
>>>
>>>
>>> Anybody have a preferred method of resolving this?
>>>
>>
>> We probably should think about using the patch, because the symlink
>> would require us to move the libraries too.
>
> Sorry, I wasn't clear - all that needs to be symlinked is the config
> file smtpd.conf, no libraries.
>
> ln -sf /usr/lib/sasl2/smtpd.conf /etc/sasl/smtpd.conf
I'm lagging the knowledge about sasl, but wouldn't there be other
instances, where somebody would have more then this one config file?
--
Regards
Heiko Zuerker
http://www.devil-linux.org

On Fri, September 9, 2005 18:29, Martin Glazer wrote:
> Hi,
>
>
> There is still an issue with postfix using saslauthd in the latest
> devil-linx - the problem is that cyrus-sasl puts its configuration file
> smtpd.conf in /usr/lib/sasl2/ which of course is non writable on the CD.
>
> There are a number of possible solutions to this:
> 1) Friedrich's solution of exporting the SASL_PATH in postfix
> (see: http://sourceforge.net/mailarchive/message.php?msg_id=11144397)
>
>
> 2) cyrus-sasl-configdir patch
> - found a gentoo patch here
> http://prometheus.cs.wmich.edu/gentoo/rsync/dev-libs/cyrus-sasl/files/cyru
> s-sasl-2.1.20-configdir.patch which appears to apply cleanly
>
> 3) Create a symlink from /usr/lib/sasl2 to somewhere writeable (in /etc)
>
>
> Anybody have a preferred method of resolving this?
We probably should think about using the patch, because the symlink would
require us to move the libraries too.
--
Regards
Heiko Zuerker
http://www.devil-linux.org

> > Has anyone actually tried the program?
> > I'd like to hear how well it really works (or not).
>
> Sorry, I cannot help here.
I was just thinking it'd be nice to hear from someone who's actually
used it before we go to the work of including it in DL. To make sure it
works as advertised, etc. :-)
> > Also, looking at the docs, it appears that it does not work directly
> > with squid, but it's a standalone proxy server and squid can be setup to
> > proxy it's traffic through it. Not the best way to integrate it with
> > Squid, IMO.
>
> True, but this gives the option not to cache, but just filter/check for
> viruses, and you can get by without Squid.
I'd still rather have it be part of squid. I use squid sometimes when I
don't want to cache. i.e If I want to enforce authentication, or if I
want to create usage logs. I've even installed squid on a standalone
workstation and pointed the browsers to localhost. For some reason the
browsers seem to run faster when going through squid, instead of using
their own cache (weird, I know).
> > I'm curious why you picked this one over the others listed?
>
> Good question :-)
Yeah, it seemed to me like it'd be a good idea to compare all the
options before choosing one to be included in DL. And it's also be nice
to talk to someone who's used it to make sure it runs. :-)
It looks like you compared the features below and found the best fit for
DL. Are you offering to provide us a patch to add HAVP, or is this a
feature request?
If you're going to provide us a patch, please burn a CD and test it out
before you submit the patch. :-)
- BS

Bruce Smith wrote:
> Has anyone actually tried the program?
> I'd like to hear how well it really works (or not).
Sorry, I cannot help here.
> Also, I see there are some other AV addons for squid listed on the
> http://www.clamav.net/3rdparty.html#webftp page mentioned. =20
> Is this one the "best" one for DL?
Dunno. Se below..
> Also, looking at the docs, it appears that it does not work directly
> with squid, but it's a standalone proxy server and squid can be setup t=
o
> proxy it's traffic through it. Not the best way to integrate it with
> Squid, IMO.
True, but this gives the option not to cache, but just filter/check for=20
viruses, and you can get by without Squid.
> I'm curious why you picked this one over the others listed?=20
Good question :-)
> (unless you don't plan on using Squid, then I understand)
> As you can probably tell, I use and like Squid. :-)
I like Squid too. It is just not required in all installations.
I go through all the choices on the above mentioned clamav page:
DansGuardian Anti-Virus Patch - takes the Virus Scanning capabilities of=20
ClamAV and integrates them into the content filtering web proxy=20
DansGuardian.
Latest: Antivirus plugin stable version 6.4.3 for DansGuardian 2.8.0.6
I'm not sure if this DansGuardian 2.8.0.6 is a proxy which has to be=20
installed, too.
OK. This one looks good feature-wise, but that additional requirement...=20
Hmm...
Frox - Frox is a transparent ftp proxy.
Not for the intended usage?
Otherwise, Frox might be a nice addon, if ftp proxy is required.
...or does Squid do ftp proxying really well nowadays?
HAVP - proxy with an antivirus filter. It does not cache or filter=20
content. At the moment the complete traffic is scanned. A reason for=20
that is the chance of malicious code in nearly every filetypes e.g. HTML=20
(JavaScript) or Jpeg.
mod_clamav - Apache virus scanning filter
Not for the intended usage.
ClamAV module for ProFTPD - This is an add on module for ProFTPD
Not for the intended usage.
SafeSquid - if I understand right, the free version is a cache only, and=20
does not have ClamAV support. Commercial version has it all.
If I'm wrong, the this might be the best one.
SquidClamAV Redirector - 404 Not Found ...
Squidclam - this is really not ready yet
Viralator - Viralator is a perl script that virus scans http downloads=20
on a linux server after passing through the squid proxy server.
Future Enhancements:
1. Remove the use of Wget and use LWP Perl module to download the files
2. Fix Internet Explorer anonomous FTP problem
3. Fix websites that use .exe as a web page extension
So,
DansGuradian
HAVP
SafeSquid
These are the only three options I see.
If DG requires another proxy to be installed, and SS does not have=20
ClamAV support in the free version, we only have HAVP left.
> - BS
>=20
>=20
>=20
>=20
>>You got my OK.
>>Anybody wants to submit a patch?
>>
>>Heiko
>>
>>On Thu, September 8, 2005 15:45, Kari Mattsson wrote:
>>
>>>from their web site:
>>>
>>>HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus scanne=
r.
>>>The main aims are continuous, non-blocking downloads and smooth scanni=
ng
>>>of dynamic and password protected HTTP traffic. Havp antivirus proxy h=
as a
>>>parent and transparent proxy mode. It can be used with squid or
>>>standalone.
>>>
>>># HTTP Antivirus proxy
>>># Scans complete incomming traffic
>>># Nonblocking downloads
>>># Smooth scanning of dynamic and password protected traffic
>>># Can used with squid or other proxy
>>># Parent proxy support
>>># Transparent proxy support
>>># Logfile
>>># Process change to defined user and group
>>># Daemon
>>># Use Clamav (GPL antivirus)
>>># Operating System: Linux
>>># Written in C++
>>># Released under GPL
>>>
>>>
>>>http://www.server-side.de/index.htm
>>>
>>>
>>>I think this really would add something very unique to DL:
>>>I've been searching for a CD-based Linux with realtime http traffic
>>>virus scanning. None found so far.
>>>
>>>The external boxes from Panda/TrendMicro/etc. are hideously expensive.
>>>A DL box would be more suitable for many organisations.
>>>
>>>
>>>OK. Those expensive boxes do more, but still..
>>>
>>>
>>>I found this HAVP from http://www.clamav.net/3rdparty.html#webftp
>>>
>>>
>>>The source download is less than 600 KB.
>>>
>>>
>>>This is a Request For Comment :-)
>>>
>>>
>>>
>>>Terveisin/With kind regards/Med h=E4lsningar/Lugupidamisega,
>>>
>>>
>>>Kari Mattsson
>>>
>=20
>=20
>=20
>=20
> -------------------------------------------------------
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September 19-22, 2005 * San Francisco, CA * Development Lifecycle Pract=
ices
> Agile & Plan-Driven Development * Managing Projects & Teams * Testing &=
QA
> Security * Process Improvement & Measurement * http://www.sqe.com/bsce5=
sf
> _______________________________________________
> Devil-linux-develop mailing list
> Devil-linux-develop@...
> https://lists.sourceforge.net/lists/listinfo/devil-linux-develop
>=20
Terveisin/With kind regards/Med h=E4lsningar/Lugupidamisega,
Kari Mattsson
Trivore Corp.